Filtered by vendor Jetbrains
Subscriptions
Filtered by product Intellij Idea
Subscriptions
Total
51 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-29263 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 7.8 High |
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS. | ||||
CVE-2021-25756 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 5.3 Medium |
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | ||||
CVE-2021-25758 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 7.8 High |
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | ||||
CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 6.1 Medium |
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | ||||
CVE-2022-48430 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 5.5 Medium |
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. | ||||
CVE-2022-48432 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 5.2 Medium |
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. | ||||
CVE-2022-48431 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 4.5 Medium |
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. | ||||
CVE-2022-47896 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 5 Medium |
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. | ||||
CVE-2022-47895 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 4.7 Medium |
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. | ||||
CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2024-08-03 | 5.2 Medium |
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | ||||
CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 4 Medium |
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | ||||
CVE-2022-46827 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 3.9 Low |
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | ||||
CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 6.2 Medium |
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | ||||
CVE-2022-46824 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2024-08-03 | 5.6 Medium |
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | ||||
CVE-2022-40978 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 7.5 High |
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking | ||||
CVE-2022-37010 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 3.6 Low |
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed | ||||
CVE-2022-37009 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 3.9 Low |
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible | ||||
CVE-2022-29814 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 6.9 Medium |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | ||||
CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 6.9 Medium |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | ||||
CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 3.9 Low |
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible |